Key Point - The process is straight forward. The server tells the client in the configuration request that the authentication is PAP. Client responds with its username and password. The username and password is authenticated against the local database.

Key Point - The functional difference between PAP and CHAP is that CHAP performs a semi-bidirectional authentication. The server tells the client that the authentication is CHAP. The server during authentication sends its username to the client router. The client router then looks up the password in the database and sends the hash in response with its username. The server then checks the database to confirm.